Question: what’s happened between this year’s IP EXPO Europe and last year’s? Answer: the security arms race has gone into overdrive.
Twelve months seems a short time, but in that period attack techniques have matured markedly: hackers now routinely use sophisticated social engineering in email and instant messages to trick staff, and the payload has become more varied, with a renewed focus on weaponized attachments used to infiltrate organizations.
So, what’s the next step to protect your organization?
Neutralizing these relentless and sophisticated attacks demands a deep commitment to security. It means investing in the right technology, of course, but I believe that employees could be the strongest allies of IT managers in fighting back against these threats.
We have seen this before. The security and intelligence services rely on sophisticated surveillance technology but the vigilance and support of the general public is a key line of defense in the battle against terrorists and criminals.
Comprehensive and regular employee awareness programs are an important line of defense in an organization. Building this human firewall will be one of the themes I’ll be addressing in my presentations at IP EXPO this year.
I’ll also be focusing on how migrating to Office 365 presents an opportunity but also significant risks that need to be considered.
Details of my two presentations are below:
- ‘Office 365: Risk or Reward? Or Both?’ at 1:00 pm on Wednesday the 7th of October in the Network & Cloud Infrastructure Theatre
- ‘What's Stopping You Being the next Big Data Breach?’ at 1:40 pm on Thursday the 8th of October in the Cyber Threat Protection Theatre
If you'd like to find out more, drop in to see us (Stand #CC19, in the Cyber Security Europe section) to talk about the risks surrounding on-premises and Office 365 email infrastructure. You can register here for free (a saving of £35) if you enter your details before 7.00 pm, UK time, on Tuesday the 6th of October.
You may be thinking your firewall, desktop antivirus and anti-spam gateway are protecting you, but is your organization really safe from hackers, crackers and cyber-criminals?
There is one huge gap in your security strategy that is easy to overlook: your users. Cyber-criminals know that the weakest link in any organization is the human, the person at the other end of the screen who is fallible and susceptible to their sophisticated and wily ways.
Cyber-criminals and hackers are making use of sophisticated social engineering techniques in email and instant messages to trick your staff. They research their targets meticulously, picking key individuals and apparent soft touches in your business and sending those people cleverly convincing emails, a technique known as spear-phishing. The attackers use your personal information, social media presence and publicly available information to tailor the message to you.
Usually, a spear-phishing email will goad you into clicking a link that leads to a malicious website, or trick you into divulging login credentials. From there, the attackers gain access to your or your organization's sensitive information. Incidents of spear-phishing are on the rise across the world, including South Africa, as it becomes the tool of choice for cyber-criminals looking to break into businesses.
If you’re not careful, you might fall prey to one of these spear-phishing personas. There’s the Crafty Colleague, who uses a disguised email address or look-alike domain to appear as one of your co-workers. Then the Dubious Banker, who kindly asks you to confirm that your bank account details comply with regulations such as FICA, RICA and POPI.
We also can’t forget the Tricky Taxman, who poses as a government official, informs you of a tax refund and asks for your banking details or to open a malicious attachment. The Social Media Stalkers constantly monitor your social media accounts to learn what you like and use that against you: a fake subscription to a hobby or lifestyle magazine, a discount voucher for something they know you’ll want, or an opportunity to trial something for free, all in the name of gaining your personal information, credit card details or access to your system. Lastly, there are the Mafia Mailers, who exploit your fear of a cyberattack by pretending to be a secure payment service that needs you to update your password or financial details.
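The Crafty Colleague is the one persona above that a mail gateway can catch with cheap header checks before any user sees the message: a display name that matches a real employee on an external address, a domain one keystroke or one digit-for-letter swap away from our own, or a Reply-To that quietly points somewhere else. The script below is an added example written for this post, not Mimecast code; the internal domain, the employee list and the sample From: headers are all constructed for illustration.

```python
"""Heuristics for the "Crafty Colleague": a sender whose display name looks like
a co-worker but whose address or domain is not ours.

Added example for this post, not Mimecast code. INTERNAL_DOMAIN, EMPLOYEES and
the sample headers are constructed for illustration.
"""
import unicodedata
from email.utils import parseaddr

INTERNAL_DOMAIN = "example-corp.com"      # assumption: our own mail domain
EMPLOYEES = {"jane doe", "sam patel"}     # assumption: display names from the directory

# Substitutions attackers commonly use when registering look-alike domains.
_DIGIT_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize_domain(domain: str) -> str:
    """Fold confusable characters so 'examp1e-c0rp.com' compares equal to 'example-corp.com'.

    Deliberately coarse: it also folds legitimate digits, which is acceptable for a
    heuristic that only feeds a risk score. Punycode (xn--) labels are not decoded.
    """
    d = unicodedata.normalize("NFKC", domain.lower()).translate(_DIGIT_FOLD)
    return d.replace("rn", "m").replace("vv", "w")


_INTERNAL_FOLDED = normalize_domain(INTERNAL_DOMAIN)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; domains are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_sender(from_header: str, reply_to: str = "") -> list[str]:
    """Return the reasons this sender looks like a colleague impersonation.

    An empty list means no heuristic fired, not that the message is safe. It
    assumes SPF/DKIM/DMARC for INTERNAL_DOMAIN are already enforced upstream;
    otherwise a forged internal From: would pass straight through.
    """
    findings: list[str] = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == INTERNAL_DOMAIN:
        return findings

    if display.strip().lower() in EMPLOYEES:
        findings.append(f"display name '{display}' matches an employee but domain is {domain}")

    folded = normalize_domain(domain)
    if folded == _INTERNAL_FOLDED:
        findings.append(f"domain {domain} is a homoglyph of {INTERNAL_DOMAIN}")
    elif 0 < edit_distance(folded, _INTERNAL_FOLDED) <= 2:
        findings.append(f"domain {domain} is within 2 edits of {INTERNAL_DOMAIN}")

    if reply_to:
        rt_domain = parseaddr(reply_to)[1].rpartition("@")[2].lower()
        if rt_domain != domain:
            findings.append(f"Reply-To domain {rt_domain} differs from From domain {domain}")
    return findings


def scan(headers: list[str]) -> dict[str, list[str]]:
    """Run assess_sender over a batch of From: headers."""
    return {h: assess_sender(h) for h in headers}


# Constructed sample headers (not real mail).
SAMPLES = [
    "Jane Doe <jane.doe@example-corp.com>",      # genuine colleague
    "Jane Doe <jane.doe@webmail.example>",       # right name, external mailbox
    "Accounts Payable <ap@examp1e-corp.com>",    # digit-for-letter look-alike
    "Sam Patel <sam.patel@example-corp.co>",     # one edit from our domain
    "IT Helpdesk <help@unrelated.example>",      # nothing suspicious
]

if __name__ == "__main__":
    for header, reasons in scan(SAMPLES).items():
        print(header, "->", reasons or "ok")
```

The findings are meant to feed a risk score or a visible warning banner, not to block outright: a genuine contractor with the same name as an employee will trip the first rule, and that is exactly the kind of case the user-awareness training discussed later in this page should prepare people to judge.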
In South Africa and throughout the globe, people fall for each of these spear-phishing personas every day, mostly due to a lack of basic security awareness. Most organizations take a reactive approach to security, only plugging gaps after details of some new exploit have hit the news or, worse, their own network gets “popped”. National awareness programmes don’t exist, which means users simply don’t know or practise basic security hygiene. As a result, we at Mimecast feel that education is hugely important and the first step on the long journey to increase our users’ security awareness.
What needs to happen for companies to stand a chance against cybercriminals? Locally, companies need to automate their security measures where possible and make security simple for the average user by taking the complexity out of their hands and handling it in the background, while also making sure that users are aware of the risks associated with things like links in emails.
It takes only one click on a malicious email link for a company’s entire network to be compromised and its intellectual property to end up publicly available on the Internet. Therefore, users need to be empowered to make safe choices. By bringing together education, automation and technology, companies can combine the best technological protection available with an effective human security layer we call the ‘human firewall’. The human firewall is the pinnacle of enterprise security, and one we should all aim for.
To help protect your business from falling victim to cyber-attacks attend the Mimecast Human Firewall Event on 10 September in Johannesburg. Register on www.mimecast.com/cybercrime. If you can’t make it to the event, be sure to check out this on demand human firewall webinar.
We recently released a new Targeted Threat Protection service to help protect employees from weaponized email attachments – Attachment Protect.
Malicious email attachments are a critical threat to businesses because they can bypass existing defences as part of sophisticated spear-phishing attacks. For example, a macro in a Word document can run when the file is opened and deploy malware onto the targeted system or download further content from a malicious website. Attackers use this weakness to infiltrate organizations in pursuit of goals that may include stealing data, staging ransomware demands or even using the victim as a springboard for an attack on another company.
To counter this threat, sandboxing has become a vital technical defense, and Attachment Protect offers it: incoming mail is held by the Mimecast gateway while the attachment is checked for hidden code in our sandbox. The sandbox spins up a virtual environment, opens the file and performs a deep security analysis of its behaviour and contents. If the file is deemed safe, we deliver the mail to the recipient.
But sandboxing does have its limitations. It delays external email, which can frustrate employees and impact their productivity. It can also be expensive, so organizations often limit who they protect to keep costs under control. That is clearly not ideal, as it leaves the unprotected mailboxes as a potential back door into the organization. And sandbox-aware malware can delay or suppress its behaviour when it detects a virtual environment, so a clean verdict is never an absolute guarantee.
Mimecast Targeted Threat Protection - Attachment Protect makes it cost effective and easier to protect the whole organization.
It does this by replacing inbound email attachments that could contain malicious code (e.g. PDF or Microsoft Office files) with safe, transcribed versions, neutralizing any malicious code. Mail passing inbound through our gateway that contains a potentially vulnerable attachment is processed by our Message Transfer Agent, where the attachment is transcribed to a different file format. For instance, a Word document is converted to a PDF file. The PDF visually renders the content in the same way for the reader. The difference is that the execution environment has changed: the new file is generated from the rendered content rather than copied from the original, so any malicious macros or embedded code are not carried across and are rendered inactive.
Most employees only need to view attachments, so no further action is needed. In fact, our research shows that approximately 51% of attachments are read-only PDF files, followed by 17% Word, 9% Excel and 3% PowerPoint.* If an employee does need to edit a file, a link in the email can be used to request the original on demand via our sandboxing service.
It’s a fresh approach to attachment sandboxing. Administrators can choose the best mix of safety, performance and functionality for their organization. In addition, granular reporting allows for end-to-end, real-time threat analysis.
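The triage step in front of that transcription is worth seeing in code: the gateway has to decide, per attachment, whether the file is a type that can carry active content (and so must be re-rendered), a type it cannot render (and so must be held for the sandbox), or something inert it can deliver unchanged. The script below is an added example written for this post, not Mimecast's implementation. The three actions, the extension lists and the sample files are assumptions constructed in memory; the actual conversion of Office or PDF content to a flat PDF is not performed here.

```python
"""Attachment triage for the approach described above: decide whether an inbound
attachment is a type that can carry active content and what the gateway should
do with it.

Added example for this post, not Mimecast's implementation. The three actions
(deliver / transcribe / hold) and the extension lists are assumptions; the
actual rendering of Office or PDF files to a flat PDF is not performed here.
Sample files are built in memory below.
"""
import io
import re
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"       # legacy binary .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                            # OOXML (.docx/.xlsm/...) is a zip
MACRO_CT = b"application/vnd.ms-office.vbaProject"   # content type of a VBA project part
PDF_ACTIVE = re.compile(rb"/(JavaScript|JS|OpenAction|Launch|AA)\b")

RENDERABLE = {"doc", "docx", "docm", "xls", "xlsx", "xlsm", "ppt", "pptx", "pptm", "pdf", "rtf"}
EXECUTABLE = {"exe", "scr", "js", "vbs", "hta", "bat", "cmd", "ps1"}


def ooxml_has_macro(data: bytes) -> bool:
    """True if an OOXML package contains a VBA project (the macro-bearing part)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return True
        return "[Content_Types].xml" in names and MACRO_CT in z.read("[Content_Types].xml")


def find_active_content(data: bytes) -> list[str]:
    """Cheap static indicators. Easily evaded (hex-encoded PDF names, object streams,
    nested archives), which is why the post relies on re-rendering rather than scanning."""
    found: list[str] = []
    if data.startswith(OLE_MAGIC):
        found.append("ole-container")      # macros sit in OLE streams; not parsed here
    elif data.startswith(ZIP_MAGIC):
        try:
            if ooxml_has_macro(data):
                found.append("vba-project")
        except zipfile.BadZipFile:
            found.append("corrupt-zip")
    elif data.startswith(b"%PDF"):
        for m in PDF_ACTIVE.finditer(data):
            token = "pdf:/" + m.group(1).decode()
            if token not in found:
                found.append(token)
    return found


def gateway_action(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Return (action, indicators).

    transcribe: re-render to a flat PDF, so any macro or script is dropped in the process
    hold:       keep at the gateway for sandbox detonation or admin release
    deliver:    pass through unchanged
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    indicators = find_active_content(data)
    if ext in EXECUTABLE or "corrupt-zip" in indicators:
        return "hold", indicators
    if ext in RENDERABLE:
        return "transcribe", indicators   # indicators go to reporting; the user gets the safe copy
    if indicators:
        return "hold", indicators         # active content in a type we cannot re-render
    return "deliver", indicators


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal docx-shaped package (not a real document) for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types = b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_macro:
            types += b'<Override PartName="/word/vbaProject.bin" ContentType="' + MACRO_CT + b'"/>'
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
        z.writestr("[Content_Types].xml", types + b"</Types>")
        z.writestr("word/document.xml", b"<w:document/>")
    return buf.getvalue()


# Constructed samples, not real attachments.
SAMPLES = {
    "report.docx": build_ooxml(False),
    "invoice.docm": build_ooxml(True),
    "old.doc": OLE_MAGIC + b"\x00" * 32,
    "flat.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n",
    "popup.pdf": b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj\n%%EOF\n",
    "notes.txt": b"plain text, nothing to render",
    "setup.exe": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} -> {gateway_action(name, blob)}")
```

Note that the decision for Office and PDF files does not depend on whether a macro or script was actually found; every renderable file is re-rendered, and the indicators only feed the reporting that the post mentions. That is the point of transcription over scanning: the scan above is trivially evaded, the re-render is not, because nothing from the original container survives into the output.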
For comprehensive zero-hour threat protection, customers can combine Mimecast Targeted Threat Protection – Attachment Protect, with our URL Protect service. Now, in addition to link rewriting, URL Protect includes innovative user awareness capabilities so IT teams can raise the security awareness of employees.
If you’d like more information, please read more on our site here – thanks!
*Source: Analysis of 1 terabyte of Mimecast platform data, 2015
When it comes to enterprises finding innovative ways to neutralize widespread email-based attacks, I’ve made the case before that it's employees – the same “weak links” who unknowingly click on malicious email URLs and attachments – who could actually be the strongest allies of IT managers in fighting back against these threats.
There’s one caveat, though. The “human firewall” will not be as successful if employees are merely aware that email-based threats exist. Attackers know employees either don't care about cybersecurity or don't know enough to ward off threats, which is why spear-phishing and social engineering attacks continue to be so effective.
To explore the problem further, last week I hosted a webinar, "The Human Firewall: Strengthening Email Security," where I was joined by Mimecast Product Manager Steve Malone and Forrester Research Analyst Nick Hayes.
Here are three takeaways from the webinar:
1. Shore Up Your First Line of Defense
Picture your cybersecurity infrastructure. At the core is all the sensitive data you're trying to protect. The first line of defense should be your cybersecurity technology. This is critical. Technology is not a security guarantee, but if you have the right controls in place, like Targeted Threat Protection, then fewer threats will actually break through.
This is important because your next line of defense comprises your employees – the “human firewall.” If your technology is working correctly, employees won’t be overwhelmed by a wave of continuous threats; they'll be less likely to fall victim to the few that may enter your infrastructure.
2. Appeal to Employees' Ability and Motivation
So, what happens when a threat actually does reach your “human firewall”? Whether your employees recognize and react to it correctly depends on how well they were trained.
To illustrate how to educate employees, Nick gave the hypothetical example of a mobile phone ringing and explained there were two reasons why someone wouldn't answer it – either they didn't have the ability to do so (too busy) or didn't have the motivation (just didn't feel like talking).
Applying the example to cybersecurity training, "ability" refers to whether employees have learned how to recognize and respond to threats, while "motivation" refers to whether they understand the consequences of whatever action they take, right or wrong.
The best training stresses both, and does so in compelling language that employees will remember.
3. Link Desired Behaviors to Necessary Knowledge
Once employees understand the threats they face, the next step is to teach them new behaviors. To get to that point, employees need context. You first have to identify the current behaviors putting your organization at risk, for example clicking on malicious links or attachments.
Once those behaviors are clear, determine the desired alternatives. So, instead of clicking on a malicious link, you'd want your employees to recognize a link or attachment as being malicious and then flag it to the IT department. By working backwards from that point, you would know exactly the knowledge you would need to impart upon your employees about email-based threats.
The Writing is on the Firewall
While it may seem farfetched that IT departments can build a savvy, well-trained army of cyber defenders from the same employees who previously snuck shadow IT into the workplace and jeopardized enterprise security, the process works. We've seen the technology and the “human firewall” go hand-in-hand to protect organizations that were previously vulnerable. And it can work for your company too.
To learn more, please play our on-demand webinar, "The Human Firewall: Strengthening Email Security."